[unwinder] Add a vector-based code page mechanism for arm32

Add an API on Isolate that returns a sorted vector of code pages allocated
within V8. The implementation is designed to be signal-safe, so that the
user (the UMA sampling profiler) can access this information from a signal
handler, where allocation and taking locks is prohibited.

This CL adds the machinery for maintaining the list of allocated code
pages. Further CLs will modify the Unwinder API itself to accept the code
pages provided by this API.

The unwinder API currently uses the reserved virtual-memory range called
the CodeRange to identify where all V8 code objects live, but this doesn't
exist on arm32 or any 32-bit platform, so this approach adds a way to
expose the location of all valid V8 code objects in a signal-safe way for
use by the UMA sampling profiler.

On 64-bit, this API always gives the code_range and embedded_code_range, and
does not maintain a vector of code pages. This is so that we have a unified
API on 32 and 64-bit that can be used in exactly the same way by embedders.

Design doc:
https://docs.google.com/document/d/1VGwUult5AHLRk658VetwEHMOmDDxA2eDQs9lDFMZTE0

Bug: v8:8116
Change-Id: I732509a45121fc54853182481c24d1083275afce
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1564068
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#65469}

include/v8.h

@@ -9138,6 +9138,23 @@ class V8_EXPORT Isolate {
    */
   UnwindState GetUnwindState();
 
+  static constexpr size_t kMinCodePagesBufferSize = 32;
+
+  /**
+   * Copies the code heap pages currently in use by V8 into |code_pages_out|.
+   * |code_pages_out| must have at least kMinCodePagesBufferSize capacity and
+   * must be empty.
+   *
+   * Signal-safe, does not allocate, does not access the V8 heap.
+   * No code on the stack can rely on pages that might be missing.
+   *
+   * Returns the number of pages available to be copied, which might be greater
+   * than |capacity|. In this case, only |capacity| pages will be copied into
+   * |code_pages_out|. The caller should provide a bigger buffer on the next
+   * call in order to get all available code pages, but this is not required.
+   */
+  size_t CopyCodePages(size_t capacity, MemoryRange* code_pages_out);
+
   /** Set the callback to invoke in case of fatal errors. */
   void SetFatalErrorHandler(FatalErrorCallback that);
 

src/api/api.cc

@@ -8914,6 +8914,30 @@ UnwindState Isolate::GetUnwindState() {
   return unwind_state;
 }
 
+size_t Isolate::CopyCodePages(size_t capacity, MemoryRange* code_pages_out) {
+#if !defined(V8_TARGET_ARCH_X64) && !defined(V8_TARGET_ARCH_ARM64) && \
+    !defined(V8_TARGET_ARCH_ARM)
+  // Not implemented on all platforms.
+  UNREACHABLE();
+#else
+
+  i::Isolate* isolate = reinterpret_cast<i::Isolate*>(this);
+  std::vector<MemoryRange>* code_pages = isolate->GetCodePages();
+
+  DCHECK_NOT_NULL(code_pages);
+
+  // Copy as many elements into the output vector as we can. If the
+  // caller-provided buffer is not big enough, we fill it, and the caller can
+  // provide a bigger one next time. We do it this way because allocation is not
+  // allowed in signal handlers.
+  size_t limit = std::min(capacity, code_pages->size());
+  for (size_t i = 0; i < limit; i++) {
+    code_pages_out[i] = code_pages->at(i);
+  }
+  return code_pages->size();
+#endif
+}
+
 #define CALLBACK_SETTER(ExternalName, Type, InternalName)      \
   void Isolate::Set##ExternalName(Type callback) {             \
     i::Isolate* isolate = reinterpret_cast<i::Isolate*>(this); \

src/execution/isolate.cc

@@ -2236,6 +2236,14 @@ void Isolate::ReportPendingMessagesImpl(bool report_externally) {
   }
 }
 
+std::vector<MemoryRange>* Isolate::GetCodePages() const {
+  return code_pages_.load(std::memory_order_acquire);
+}
+
+void Isolate::SetCodePages(std::vector<MemoryRange>* new_code_pages) {
+  code_pages_.store(new_code_pages, std::memory_order_release);
+}
+
 void Isolate::ReportPendingMessages() {
   DCHECK(AllowExceptions::IsAllowed(this));
 
@@ -2979,6 +2987,8 @@ void Isolate::Deinit() {
   compiler_zone_ = nullptr;
   compiler_cache_ = nullptr;
 
+  SetCodePages(nullptr);
+
   ClearSerializerData();
 
   {
@@ -3268,6 +3278,14 @@ void Isolate::AddCrashKeysForIsolateAndHeapPointers() {
                           AddressToString(code_space_firstpage_address));
 }
 
+void Isolate::InitializeCodeRanges() {
+  DCHECK_NULL(GetCodePages());
+  MemoryRange embedded_range{reinterpret_cast<const void*>(embedded_blob()),
+                             embedded_blob_size()};
+  code_pages_buffer1_.push_back(embedded_range);
+  SetCodePages(&code_pages_buffer1_);
+}
+
 bool Isolate::Init(ReadOnlyDeserializer* read_only_deserializer,
                    StartupDeserializer* startup_deserializer) {
   TRACE_ISOLATE(init);
@@ -3294,6 +3312,10 @@ bool Isolate::Init(ReadOnlyDeserializer* read_only_deserializer,
   FOR_EACH_ISOLATE_ADDRESS_NAME(ASSIGN_ELEMENT)
 #undef ASSIGN_ELEMENT
 
+  // We need to initialize code_pages_ before any on-heap code is allocated to
+  // make sure we record all code allocations.
+  InitializeCodeRanges();
+
   compilation_cache_ = new CompilationCache(this);
   descriptor_lookup_cache_ = new DescriptorLookupCache();
   inner_pointer_to_code_cache_ = new InnerPointerToCodeCache(this);
@@ -4382,6 +4404,85 @@ AssertNoContextChange::AssertNoContextChange(Isolate* isolate)
     : isolate_(isolate), context_(isolate->context(), isolate) {}
 #endif  // DEBUG
 
+void Isolate::AddCodeMemoryRange(MemoryRange range) {
+  std::vector<MemoryRange>* old_code_pages = GetCodePages();
+  DCHECK_NOT_NULL(old_code_pages);
+
+  std::vector<MemoryRange>* new_code_pages;
+  if (old_code_pages == &code_pages_buffer1_) {
+    new_code_pages = &code_pages_buffer2_;
+  } else {
+    new_code_pages = &code_pages_buffer1_;
+  }
+
+  // Copy all existing data from the old vector to the new vector and insert the
+  // new page.
+  new_code_pages->clear();
+  new_code_pages->reserve(old_code_pages->size() + 1);
+  std::merge(old_code_pages->begin(), old_code_pages->end(), &range, &range + 1,
+             std::back_inserter(*new_code_pages),
+             [](const MemoryRange& a, const MemoryRange& b) {
+               return a.start < b.start;
+             });
+
+  // Atomically switch out the pointer
+  SetCodePages(new_code_pages);
+}
+
+// |chunk| is either a Page or an executable LargePage.
+void Isolate::AddCodeMemoryChunk(MemoryChunk* chunk) {
+  // We only keep track of individual code pages/allocations if we are on arm32,
+  // because on x64 and arm64 we have a code range which makes this unnecessary.
+#if !defined(V8_TARGET_ARCH_ARM)
+  return;
+#else
+  void* new_page_start = reinterpret_cast<void*>(chunk->area_start());
+  size_t new_page_size = chunk->area_size();
+
+  MemoryRange new_range{new_page_start, new_page_size};
+
+  AddCodeMemoryRange(new_range);
+#endif  // !defined(V8_TARGET_ARCH_ARM)
+}
+
+void Isolate::AddCodeRange(Address begin, size_t length_in_bytes) {
+  AddCodeMemoryRange(
+      MemoryRange{reinterpret_cast<void*>(begin), length_in_bytes});
+}
+
+// |chunk| is either a Page or an executable LargePage.
+void Isolate::RemoveCodeMemoryChunk(MemoryChunk* chunk) {
+  // We only keep track of individual code pages/allocations if we are on arm32,
+  // because on x64 and arm64 we have a code range which makes this unnecessary.
+#if !defined(V8_TARGET_ARCH_ARM)
+  return;
+#else
+  void* removed_page_start = reinterpret_cast<void*>(chunk->area_start());
+  std::vector<MemoryRange>* old_code_pages = GetCodePages();
+  DCHECK_NOT_NULL(old_code_pages);
+
+  std::vector<MemoryRange>* new_code_pages;
+  if (old_code_pages == &code_pages_buffer1_) {
+    new_code_pages = &code_pages_buffer2_;
+  } else {
+    new_code_pages = &code_pages_buffer1_;
+  }
+
+  // Copy all existing data from the old vector to the new vector except the
+  // removed page.
+  new_code_pages->clear();
+  new_code_pages->reserve(old_code_pages->size() - 1);
+  std::remove_copy_if(old_code_pages->begin(), old_code_pages->end(),
+                      std::back_inserter(*new_code_pages),
+                      [removed_page_start](const MemoryRange& range) {
+                        return range.start == removed_page_start;
+                      });
+
+  // Atomically switch out the pointer
+  SetCodePages(new_code_pages);
+#endif  // !defined(V8_TARGET_ARCH_ARM)
+}
+
 #undef TRACE_ISOLATE
 
 }  // namespace internal

src/execution/isolate.h

@@ -676,6 +676,10 @@ class Isolate final : private HiddenFactory {
     return &thread_local_top()->js_entry_sp_;
   }
 
+  V8_EXPORT_PRIVATE std::vector<MemoryRange>* GetCodePages() const;
+
+  V8_EXPORT_PRIVATE void SetCodePages(std::vector<MemoryRange>* new_code_pages);
+
   // Returns the global object of the current context. It could be
   // a builtin object, or a JS global object.
   inline Handle<JSGlobalObject> global_object();
@@ -1334,8 +1338,8 @@ class Isolate final : private HiddenFactory {
 
   // These always return the same result as static methods above, but don't
   // access the global atomic variable (and thus *might be* slightly faster).
-  const uint8_t* embedded_blob() const;
-  uint32_t embedded_blob_size() const;
+  V8_EXPORT_PRIVATE const uint8_t* embedded_blob() const;
+  V8_EXPORT_PRIVATE uint32_t embedded_blob_size() const;
 
   void set_array_buffer_allocator(v8::ArrayBuffer::Allocator* allocator) {
     array_buffer_allocator_ = allocator;
@@ -1484,6 +1488,10 @@ class Isolate final : private HiddenFactory {
   // before such a mode change to ensure that this cannot happen.
   V8_EXPORT_PRIVATE void CollectSourcePositionsForAllBytecodeArrays();
 
+  void AddCodeMemoryChunk(MemoryChunk* chunk);
+  void RemoveCodeMemoryChunk(MemoryChunk* chunk);
+  void AddCodeRange(Address begin, size_t length_in_bytes);
+
  private:
   explicit Isolate(std::unique_ptr<IsolateAllocator> isolate_allocator);
   ~Isolate();
@@ -1493,6 +1501,9 @@ class Isolate final : private HiddenFactory {
 
   void CheckIsolateLayout();
 
+  void InitializeCodeRanges();
+  void AddCodeMemoryRange(MemoryRange range);
+
   class ThreadDataTable {
    public:
     ThreadDataTable() = default;
@@ -1807,6 +1818,12 @@ class Isolate final : private HiddenFactory {
   base::Mutex thread_data_table_mutex_;
   ThreadDataTable thread_data_table_;
 
+  // A signal-safe vector of heap pages containing code. Used with the
+  // v8::Unwinder API.
+  std::atomic<std::vector<MemoryRange>*> code_pages_{nullptr};
+  std::vector<MemoryRange> code_pages_buffer1_;
+  std::vector<MemoryRange> code_pages_buffer2_;
+
   // Enables the host application to provide a mechanism for recording a
   // predefined set of data as crash keys to be used in postmortem debugging
   // in case of a crash.

src/heap/heap.h

@@ -1018,7 +1018,7 @@ class Heap {
 
   // Slow methods that can be used for verification as they can also be used
   // with off-heap Addresses.
-  bool InSpaceSlow(Address addr, AllocationSpace space);
+  V8_EXPORT_PRIVATE bool InSpaceSlow(Address addr, AllocationSpace space);
 
   static inline Heap* FromWritableHeapObject(HeapObject obj);
 

src/heap/spaces.cc

@@ -4,6 +4,7 @@
 
 #include "src/heap/spaces.h"
 
+#include <algorithm>
 #include <cinttypes>
 #include <utility>
 
@@ -179,6 +180,7 @@ void MemoryAllocator::InitializeCodePageAllocator(
                                 "CodeRange setup: allocate virtual memory");
   }
   code_range_ = reservation.region();
+  isolate_->AddCodeRange(code_range_.begin(), code_range_.size());
 
   // We are sure that we have mapped a block of requested addresses.
   DCHECK_GE(reservation.size(), requested);
@@ -1723,6 +1725,8 @@ void PagedSpace::MergeLocalSpace(LocalSpace* other) {
     // Relinking requires the category to be unlinked.
     other->RemovePage(p);
     AddPage(p);
+    // These code pages were allocated by the CompactionSpace.
+    if (identity() == CODE_SPACE) heap()->isolate()->AddCodeMemoryChunk(p);
     DCHECK_IMPLIES(
         !p->IsFlagSet(Page::NEVER_ALLOCATE_ON_PAGE),
         p->AvailableInFreeList() == p->AvailableInFreeListFromAllocatedBytes());
@@ -1843,6 +1847,10 @@ bool PagedSpace::Expand() {
   // Pages created during bootstrapping may contain immortal immovable objects.
   if (!heap()->deserialization_complete()) page->MarkNeverEvacuate();
   AddPage(page);
+  // If this is a non-compaction code space, this is a previously unseen page.
+  if (identity() == CODE_SPACE && !is_compaction_space()) {
+    heap()->isolate()->AddCodeMemoryChunk(page);
+  }
   Free(page->area_start(), page->area_size(),
        SpaceAccountingMode::kSpaceAccounted);
   heap()->NotifyOldGenerationExpansion();
@@ -1987,6 +1995,8 @@ void PagedSpace::ReleasePage(Page* page) {
     allocation_info_.Reset(kNullAddress, kNullAddress);
   }
 
+  heap()->isolate()->RemoveCodeMemoryChunk(page);
+
   AccountUncommitted(page->size());
   accounting_stats_.DecreaseCapacity(page->area_size());
   heap()->memory_allocator()->Free<MemoryAllocator::kPreFreeAndQueue>(page);
@@ -4413,10 +4423,12 @@ AllocationResult CodeLargeObjectSpace::AllocateRaw(int object_size) {
 void CodeLargeObjectSpace::AddPage(LargePage* page, size_t object_size) {
   OldLargeObjectSpace::AddPage(page, object_size);
   InsertChunkMapEntries(page);
+  heap()->isolate()->AddCodeMemoryChunk(page);
 }
 
 void CodeLargeObjectSpace::RemovePage(LargePage* page, size_t object_size) {
   RemoveChunkMapEntries(page);
+  heap()->isolate()->RemoveCodeMemoryChunk(page);
   OldLargeObjectSpace::RemovePage(page, object_size);
 }
 

test/cctest/BUILD.gn

@@ -193,6 +193,7 @@ v8_source_set("cctest_sources") {
     "test-bit-vector.cc",
     "test-circular-queue.cc",
     "test-code-layout.cc",
+    "test-code-pages.cc",
     "test-code-stub-assembler.cc",
     "test-compiler.cc",
     "test-constantpool.cc",

test/cctest/cctest.status

@@ -486,6 +486,7 @@
   'test-branch-combine/*': [SKIP],
   'test-code-assembler/*': [SKIP],
   'test-code-generator/*': [SKIP],
+  'test-code-pages/*': [SKIP],
   'test-code-stub-assembler/*': [SKIP],
   'test-js-context-specialization/*': [SKIP],
   'test-multiple-return/*': [SKIP],

test/cctest/test-code-pages.cc

+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/api/api-inl.h"
+#include "src/codegen/code-desc.h"
+#include "src/common/globals.h"
+#include "src/execution/isolate.h"
+#include "src/handles/handles-inl.h"
+#include "src/heap/factory.h"
+#include "src/heap/spaces.h"
+#include "src/libsampler/sampler.h"
+#include "test/cctest/cctest.h"
+
+namespace v8 {
+namespace internal {
+namespace test_code_pages {
+
+// We have three levels of support which have different behaviors to test.
+// 1 - Have code range. ARM64 and x64
+// 2 - Have code pages. ARM32 only
+// 3 - Nothing - This feature does not work on other platforms.
+#if defined(V8_TARGET_ARCH_ARM)
+static const bool kHaveCodeRange = false;
+static const bool kHaveCodePages = true;
+#else
+static const bool kHaveCodeRange = kRequiresCodeRange;
+static const bool kHaveCodePages = false;
+#endif  // defined(V8_TARGET_ARCH_ARM)
+
+static const char* foo_source = R"(
+  function foo%d(a, b) {
+    let x = a * b;
+    let y = x ^ b;
+    let z = y / a;
+    return x + y - z;
+  };
+  %%PrepareFunctionForOptimization(foo%d);
+  foo%d(1, 2);
+  foo%d(1, 2);
+  %%OptimizeFunctionOnNextCall(foo%d);
+  foo%d(1, 2);
+)";
+
+std::string getFooCode(int n) {
+  constexpr size_t kMaxSize = 512;
+  char foo_replaced[kMaxSize];
+  CHECK_LE(n, 999999);
+  snprintf(foo_replaced, kMaxSize, foo_source, n, n, n, n, n, n);
+
+  return std::string(foo_replaced);
+}
+
+namespace {
+
+bool PagesHasExactPage(std::vector<MemoryRange>* pages, Address search_page) {
+  void* addr = reinterpret_cast<void*>(search_page);
+  auto it =
+      std::find_if(pages->begin(), pages->end(),
+                   [addr](const MemoryRange& r) { return r.start == addr; });
+  return it != pages->end();
+}
+
+bool PagesHasExactPage(std::vector<MemoryRange>* pages, Address search_page,
+                       size_t size) {
+  void* addr = reinterpret_cast<void*>(search_page);
+  auto it = std::find_if(pages->begin(), pages->end(),
+                         [addr, size](const MemoryRange& r) {
+                           return r.start == addr && r.length_in_bytes == size;
+                         });
+  return it != pages->end();
+}
+
+bool PagesContainsAddress(std::vector<MemoryRange>* pages,
+                          Address search_address) {
+  byte* addr = reinterpret_cast<byte*>(search_address);
+  auto it =
+      std::find_if(pages->begin(), pages->end(), [addr](const MemoryRange& r) {
+        const byte* page_start = reinterpret_cast<const byte*>(r.start);
+        const byte* page_end = page_start + r.length_in_bytes;
+        return addr >= page_start && addr < page_end;
+      });
+  return it != pages->end();
+}
+
+}  // namespace
+
+TEST(CodeRangeCorrectContents) {
+  if (!kHaveCodeRange) return;
+
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
+
+  std::vector<MemoryRange>* pages = i_isolate->GetCodePages();
+
+  const base::AddressRegion& code_range =
+      i_isolate->heap()->memory_allocator()->code_range();
+  CHECK(!code_range.is_empty());
+  // We should only have the code range and the embedded code range.
+  CHECK_EQ(2, pages->size());
+  CHECK(PagesHasExactPage(pages, code_range.begin(), code_range.size()));
+  CHECK(PagesHasExactPage(pages,
+                          reinterpret_cast<Address>(i_isolate->embedded_blob()),
+                          i_isolate->embedded_blob_size()));
+}
+
+TEST(CodePagesCorrectContents) {
+  if (!kHaveCodePages) return;
+
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
+
+  std::vector<MemoryRange>* pages = i_isolate->GetCodePages();
+  // There might be other pages already.
+  CHECK_GE(pages->size(), 1);
+
+  const base::AddressRegion& code_range =
+      i_isolate->heap()->memory_allocator()->code_range();
+  CHECK(code_range.is_empty());
+
+  // We should have the embedded code range even when there is no regular code
+  // range.
+  CHECK(PagesHasExactPage(pages,
+                          reinterpret_cast<Address>(i_isolate->embedded_blob()),
+                          i_isolate->embedded_blob_size()));
+}
+
+TEST(OptimizedCodeWithCodeRange) {
+  if (!kHaveCodeRange) return;
+
+  FLAG_allow_natives_syntax = true;
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
+  HandleScope scope(i_isolate);
+
+  std::string foo_str = getFooCode(1);
+  CompileRun(foo_str.c_str());
+  v8::Local<v8::Function> local_foo = v8::Local<v8::Function>::Cast(
+      env.local()->Global()->Get(env.local(), v8_str("foo1")).ToLocalChecked());
+  Handle<JSFunction> foo =
+      Handle<JSFunction>::cast(v8::Utils::OpenHandle(*local_foo));
+
+  AbstractCode abstract_code = foo->abstract_code();
+  // We don't produce optimized code when run with --no-opt.
+  if (!abstract_code.IsCode() && FLAG_opt == false) return;
+  CHECK(abstract_code.IsCode());
+  Code foo_code = abstract_code.GetCode();
+
+  CHECK(i_isolate->heap()->InSpace(foo_code, CODE_SPACE));
+
+  std::vector<MemoryRange>* pages = i_isolate->GetCodePages();
+  CHECK(PagesContainsAddress(pages, foo_code.address()));
+}
+
+TEST(OptimizedCodeWithCodePages) {
+  if (!kHaveCodePages) return;
+  // We don't want incremental marking to start which could cause the code to
+  // not be collected on the CollectGarbage() call.
+  ManualGCScope manual_gc_scope;
+  FLAG_allow_natives_syntax = true;
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
+
+  const void* created_page = nullptr;
+  int num_foos_created = 0;
+
+  {
+    HandleScope scope(i_isolate);
+
+    size_t num_code_pages = 0;
+    size_t initial_num_code_pages = 0;
+
+    // Keep generating new code until a new code page is added to the list.
+    for (int n = 0; n < 999999; n++) {
+      // Compile and optimize the code and get a reference to it.
+      std::string foo_str = getFooCode(n);
+      char foo_name[10];
+      snprintf(foo_name, sizeof(foo_name), "foo%d", n);
+      CompileRun(foo_str.c_str());
+      v8::Local<v8::Function> local_foo =
+          v8::Local<v8::Function>::Cast(env.local()
+                                            ->Global()
+                                            ->Get(env.local(), v8_str(foo_name))
+                                            .ToLocalChecked());
+      Handle<JSFunction> foo =
+          Handle<JSFunction>::cast(v8::Utils::OpenHandle(*local_foo));
+
+      AbstractCode abstract_code = foo->abstract_code();
+      // We don't produce optimized code when run with --no-opt.
+      if (!abstract_code.IsCode() && FLAG_opt == false) return;
+      CHECK(abstract_code.IsCode());
+      Code foo_code = abstract_code.GetCode();
+
+      CHECK(i_isolate->heap()->InSpace(foo_code, CODE_SPACE));
+
+      // Check that the generated code ended up in one of the code pages
+      // returned by GetCodePages().
+      byte* foo_code_ptr = reinterpret_cast<byte*>(foo_code.address());
+      std::vector<MemoryRange>* pages = i_isolate->GetCodePages();
+
+      // Wait until after we have created the first function to take the initial
+      // number of pages so that this test isn't brittle to irrelevant
+      // implementation details.
+      if (n == 0) {
+        initial_num_code_pages = pages->size();
+      }
+      num_code_pages = pages->size();
+
+      // Check that the code object was allocation on any of the pages returned
+      // by GetCodePages().
+      auto it = std::find_if(
+          pages->begin(), pages->end(), [foo_code_ptr](const MemoryRange& r) {
+            const byte* page_start = reinterpret_cast<const byte*>(r.start);
+            const byte* page_end = page_start + r.length_in_bytes;
+            return foo_code_ptr >= page_start && foo_code_ptr < page_end;
+          });
+      CHECK_NE(it, pages->end());
+
+      // Store the page that was created just for our functions - we expect it
+      // to be removed later.
+      if (num_code_pages > initial_num_code_pages) {
+        created_page = it->start;
+        num_foos_created = n + 1;
+        break;
+      }
+    }
+    CHECK_NOT_NULL(created_page);
+  }
+
+  // Now delete all our foos and force a GC and check that the page is removed
+  // from the list.
+  {
+    HandleScope scope(i_isolate);
+    for (int n = 0; n < num_foos_created; n++) {
+      char foo_name[10];
+      snprintf(foo_name, sizeof(foo_name), "foo%d", n);
+      env.local()
+          ->Global()
+          ->Set(env.local(), v8_str(foo_name), Undefined(isolate))
+          .Check();
+    }
+  }
+
+  CcTest::CollectGarbage(CODE_SPACE);
+
+  std::vector<MemoryRange>* pages = i_isolate->GetCodePages();
+  auto it = std::find_if(
+      pages->begin(), pages->end(),
+      [created_page](const MemoryRange& r) { return r.start == created_page; });
+  CHECK_EQ(it, pages->end());
+}
+
+TEST(LargeCodeObject) {
+  if (!kHaveCodeRange && !kHaveCodePages) return;
+  // We don't want incremental marking to start which could cause the code to
+  // not be collected on the CollectGarbage() call.
+  ManualGCScope manual_gc_scope;
+
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
+
+  // Create a big function that ends up in CODE_LO_SPACE.
+  const int instruction_size = Page::kPageSize + 1;
+  STATIC_ASSERT(instruction_size > kMaxRegularHeapObjectSize);
+  std::unique_ptr<byte[]> instructions(new byte[instruction_size]);
+
+  CodeDesc desc;
+  desc.buffer = instructions.get();
+  desc.buffer_size = instruction_size;
+  desc.instr_size = instruction_size;
+  desc.reloc_size = 0;
+  desc.constant_pool_size = 0;
+  desc.unwinding_info = nullptr;
+  desc.unwinding_info_size = 0;
+  desc.origin = nullptr;
+
+  Address stale_code_address;
+
+  {
+    HandleScope scope(i_isolate);
+    Handle<Code> foo_code =
+        Factory::CodeBuilder(i_isolate, desc, Code::WASM_FUNCTION).Build();
+
+    CHECK(i_isolate->heap()->InSpace(*foo_code, CODE_LO_SPACE));
+
+    std::vector<MemoryRange>* pages = i_isolate->GetCodePages();
+
+    if (kHaveCodeRange) {
+      CHECK(PagesContainsAddress(pages, foo_code->address()));
+    } else {
+      CHECK(PagesHasExactPage(pages, foo_code->address()));
+    }
+
+    stale_code_address = foo_code->address();
+  }
+
+  // Delete the large code object.
+  CcTest::CollectGarbage(CODE_LO_SPACE);
+  CHECK(!i_isolate->heap()->InSpaceSlow(stale_code_address, CODE_LO_SPACE));
+
+  // Check that it was removed from CodePages.
+  std::vector<MemoryRange>* pages = i_isolate->GetCodePages();
+  CHECK(!PagesHasExactPage(pages, stale_code_address));
+}
+
+static constexpr size_t kBufSize = v8::Isolate::kMinCodePagesBufferSize;
+
+class SignalSender : public sampler::Sampler {
+ public:
+  explicit SignalSender(v8::Isolate* isolate) : sampler::Sampler(isolate) {}
+
+  // Called during the signal/thread suspension.
+  void SampleStack(const v8::RegisterState& regs) override {
+    MemoryRange* code_pages_copy = code_pages_copy_.load();
+    CHECK_NOT_NULL(code_pages_copy);
+    size_t num_pages = isolate_->CopyCodePages(kBufSize, code_pages_copy);
+    CHECK_LE(num_pages, kBufSize);
+    sample_semaphore_.Signal();
+  }
+
+  // Called on the sampling thread to trigger a sample. Blocks until the sample
+  // is finished.
+  void SampleIntoVector(MemoryRange output_buffer[]) {
+    code_pages_copy_.store(output_buffer);
+    DoSample();
+    sample_semaphore_.Wait();
+    code_pages_copy_.store(nullptr);
+  }
+
+ private:
+  base::Semaphore sample_semaphore_{0};
+  std::atomic<MemoryRange*> code_pages_copy_{nullptr};
+};
+
+class SamplingThread : public base::Thread {
+ public:
+  explicit SamplingThread(SignalSender* signal_sender)
+      : base::Thread(base::Thread::Options("SamplingThread")),
+        signal_sender_(signal_sender) {}
+
+  // Blocks until a sample is taken.
+  void TriggerSample() { signal_sender_->SampleIntoVector(code_pages_copy_); }
+
+  void Run() override {
+    while (running_.load()) {
+      TriggerSample();
+    }
+  }
+
+  // Called from the main thread. Blocks until a sample is taken. Not
+  // thread-safe so do not call while this thread is running.
+  static std::vector<MemoryRange> DoSynchronousSample(v8::Isolate* isolate) {
+    MemoryRange code_pages_copy[kBufSize];
+    size_t num_pages = isolate->CopyCodePages(kBufSize, code_pages_copy);
+    DCHECK_LE(num_pages, kBufSize);
+    return std::vector<MemoryRange>{code_pages_copy,
+                                    &code_pages_copy[num_pages]};
+  }
+
+  void Stop() { running_.store(false); }
+
+ private:
+  std::atomic_bool running_{true};
+  SignalSender* signal_sender_;
+  MemoryRange code_pages_copy_[kBufSize];
+};
+
+TEST(LargeCodeObjectWithSignalHandler) {
+  if (!kHaveCodeRange && !kHaveCodePages) return;
+  // We don't want incremental marking to start which could cause the code to
+  // not be collected on the CollectGarbage() call.
+  ManualGCScope manual_gc_scope;
+
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
+
+  // Create a big function that ends up in CODE_LO_SPACE.
+  const int instruction_size = Page::kPageSize + 1;
+  STATIC_ASSERT(instruction_size > kMaxRegularHeapObjectSize);
+  std::unique_ptr<byte[]> instructions(new byte[instruction_size]);
+
+  CodeDesc desc;
+  desc.buffer = instructions.get();
+  desc.buffer_size = instruction_size;
+  desc.instr_size = instruction_size;
+  desc.reloc_size = 0;
+  desc.constant_pool_size = 0;
+  desc.unwinding_info = nullptr;
+  desc.unwinding_info_size = 0;
+  desc.origin = nullptr;
+
+  Address stale_code_address;
+
+  SignalSender signal_sender(isolate);
+  signal_sender.Start();
+  // Take an initial sample.
+  std::vector<MemoryRange> initial_pages =
+      SamplingThread::DoSynchronousSample(isolate);
+  SamplingThread sampling_thread(&signal_sender);
+
+  sampling_thread.StartSynchronously();
+
+  {
+    HandleScope scope(i_isolate);
+    Handle<Code> foo_code =
+        Factory::CodeBuilder(i_isolate, desc, Code::WASM_FUNCTION).Build();
+
+    CHECK(i_isolate->heap()->InSpace(*foo_code, CODE_LO_SPACE));
+
+    // Do a synchronous sample to ensure that we capture the state with the
+    // extra code page.
+    sampling_thread.Stop();
+    sampling_thread.Join();
+
+    // Check that the page was added.
+    std::vector<MemoryRange> pages =
+        SamplingThread::DoSynchronousSample(isolate);
+    if (kHaveCodeRange) {
+      CHECK(PagesContainsAddress(&pages, foo_code->address()));
+    } else {
+      CHECK(PagesHasExactPage(&pages, foo_code->address()));
+    }
+
+    stale_code_address = foo_code->address();
+  }
+
+  // Start async sampling again to detect threading issues.
+  sampling_thread.StartSynchronously();
+
+  // Delete the large code object.
+  CcTest::CollectGarbage(CODE_LO_SPACE);
+  CHECK(!i_isolate->heap()->InSpaceSlow(stale_code_address, CODE_LO_SPACE));
+
+  sampling_thread.Stop();
+  sampling_thread.Join();
+
+  std::vector<MemoryRange> pages = SamplingThread::DoSynchronousSample(isolate);
+  CHECK(!PagesHasExactPage(&pages, stale_code_address));
+
+  signal_sender.Stop();
+}
+
+TEST(Sorted) {
+  if (!kHaveCodeRange && !kHaveCodePages) return;
+  // We don't want incremental marking to start which could cause the code to
+  // not be collected on the CollectGarbage() call.
+  ManualGCScope manual_gc_scope;
+
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  Isolate* i_isolate = reinterpret_cast<Isolate*>(isolate);
+
+  // Create a big function that ends up in CODE_LO_SPACE.
+  const int instruction_size = Page::kPageSize + 1;
+  STATIC_ASSERT(instruction_size > kMaxRegularHeapObjectSize);
+  std::unique_ptr<byte[]> instructions(new byte[instruction_size]);
+
+  CodeDesc desc;
+  desc.buffer = instructions.get();
+  desc.buffer_size = instruction_size;
+  desc.instr_size = instruction_size;
+  desc.reloc_size = 0;
+  desc.constant_pool_size = 0;
+  desc.unwinding_info = nullptr;
+  desc.unwinding_info_size = 0;
+  desc.origin = nullptr;
+
+  // Take an initial sample.
+  std::vector<MemoryRange> initial_pages =
+      SamplingThread::DoSynchronousSample(isolate);
+  size_t initial_num_pages = initial_pages.size();
+
+  auto compare = [](const MemoryRange& a, const MemoryRange& b) {
+    return a.start < b.start;
+  };
+  {
+    HandleScope outer_scope(i_isolate);
+    Handle<Code> code1, code3;
+    Address code2_address;
+
+    code1 = Factory::CodeBuilder(i_isolate, desc, Code::WASM_FUNCTION).Build();
+    CHECK(i_isolate->heap()->InSpace(*code1, CODE_LO_SPACE));
+
+    {
+      HandleScope scope(i_isolate);
+
+      // Create three large code objects, we'll delete the middle one and check
+      // everything is still sorted.
+      Handle<Code> code2 =
+          Factory::CodeBuilder(i_isolate, desc, Code::WASM_FUNCTION).Build();
+      CHECK(i_isolate->heap()->InSpace(*code2, CODE_LO_SPACE));
+      code3 =
+          Factory::CodeBuilder(i_isolate, desc, Code::WASM_FUNCTION).Build();
+      CHECK(i_isolate->heap()->InSpace(*code3, CODE_LO_SPACE));
+
+      code2_address = code2->address();
+      CHECK(i_isolate->heap()->InSpaceSlow(code1->address(), CODE_LO_SPACE));
+      CHECK(i_isolate->heap()->InSpaceSlow(code2->address(), CODE_LO_SPACE));
+      CHECK(i_isolate->heap()->InSpaceSlow(code3->address(), CODE_LO_SPACE));
+
+      // Check that the pages were added.
+      std::vector<MemoryRange> pages =
+          SamplingThread::DoSynchronousSample(isolate);
+      if (kHaveCodeRange) {
+        CHECK_EQ(pages.size(), initial_num_pages);
+      } else {
+        CHECK_EQ(pages.size(), initial_num_pages + 3);
+      }
+
+      CHECK(std::is_sorted(pages.begin(), pages.end(), compare));
+
+      code3 = scope.CloseAndEscape(code3);
+    }
+    CHECK(i_isolate->heap()->InSpaceSlow(code1->address(), CODE_LO_SPACE));
+    CHECK(i_isolate->heap()->InSpaceSlow(code2_address, CODE_LO_SPACE));
+    CHECK(i_isolate->heap()->InSpaceSlow(code3->address(), CODE_LO_SPACE));
+    // Delete code2.
+    CcTest::CollectGarbage(CODE_LO_SPACE);
+    CHECK(i_isolate->heap()->InSpaceSlow(code1->address(), CODE_LO_SPACE));
+    CHECK(!i_isolate->heap()->InSpaceSlow(code2_address, CODE_LO_SPACE));
+    CHECK(i_isolate->heap()->InSpaceSlow(code3->address(), CODE_LO_SPACE));
+
+    std::vector<MemoryRange> pages =
+        SamplingThread::DoSynchronousSample(isolate);
+    if (kHaveCodeRange) {
+      CHECK_EQ(pages.size(), initial_num_pages);
+    } else {
+      CHECK_EQ(pages.size(), initial_num_pages + 2);
+    }
+    CHECK(std::is_sorted(pages.begin(), pages.end(), compare));
+  }
+}
+
+}  // namespace test_code_pages
+}  // namespace internal
+}  // namespace v8